ArchiveDisruptive TechnologyOODA Original

The Tianfu Cup, iOS PoC Exploits and the Future of Global Hacker Competitions


Def Con 29 Capture the Flag Final Results: 
Katzebin (China);  Plaid Parliament of Pwning (USA); and Tea Deliverers (China)


Our August 2021 OODA Network Monthly Meeting included a discussion of Def Con 29, held in Las Vegas from August 5-8, 2021.  After the discussion, we were left with a few follow-up research questions from the network.

A Chinese Team (Katzebin) won the Def Con 29 CTF competition.  It was the second year in a row that a Chinese team had won the competition (A*0*E won the Def Con 28 CTF).   A shout out to the 2nd place winners of the Def Con 29 CTF, The Carnegie Mellon-Affiliated Plaid Parliament of Pwning (which won the silver for the 2nd year in a row), and the Chinese Team Tea Deliverers (which won third place and fourth place at Def Con 29 and 28, respectively).  Hacking competition comparisons to Olympic gymnastics and diving are appropriate: High-performance team and individual contributions coupled with the gold, silver, bronze podium dominance of American and Chinese teams.

During our OODA Network conversation, a network member familiar with global CTFs queried:  “Considering the recent Communist Party of China (CPC) restrictions on hacker participation in CTF events outside of the CPC, how were the Chinese team participating in the 2021 Tournament in Vegas? And would there be a Chinese presence at future international CFP Tournaments?”  The recent creation and success of the internal China-based CTF competition, known as The Tianfu Cup, was also of note in the monthly meeting.

Recently, we returned to researching these questions.  In so doing, they converged with Apple, Inc., The iPhone iOS, the privacy wars between Google and Apple, CPC surveillance technologies, The NSO Group, and the Chinese suppression of the Uighurs in Xinjiang, a northwestern province of China.

What We Know

It is all a bit of a puzzle, with a ‘reveal’ not much unlike a real crime podcast.  Which would be interesting and entertaining, if the stakes were not so high.

Much of our research and reporting is based on the detailed reporting of Patrick Howell O’Neill (@HowellONeill), the excellent cybersecurity reporter from the MIT Technology Review, company statements, and open-source intelligence.

2017:  Chinese hackers participate in Pwn2Own, the 10th version of the prestigious zero-days hacking competition.  In a statement, the CEO of the Chinese cybersecurity company Qihoo 36 criticized Chinese citizens who went overseas to participate in hacking competitions. According to the MIT Tech Review:  “In an interview with the Chinese news site Sina, Zhou Hongyi said that performing well in such events represented merely an “imaginary” success. Zhou warned that once Chinese hackers show off vulnerabilities at overseas competitions, they can “no longer be used.” Instead, he argued, the hackers and their knowledge should “stay in China” so that they could recognize the true importance and “strategic value” of the software vulnerabilities.  Beijing agreed. Soon, the Chinese government banned cybersecurity researchers from attending overseas hacking competitions.”

Also in August, the FBI arrested a Chinese national connected to malware used in OPM data breach.  In November, the U.S. charged three Chinese nationals for hacking three corporations for commercial advantage.

2018:  Chinese hackers no longer participate in Pwn2Own competitions and a hacking competition crops up in China for internal participants only. In November, the inaugural event was held.  Known as the Tianfu Cup, it is now China’s premier internal hacking competition, designed to replace participation by Chinese nationals in foreign competitions.   The top prize at the inaugural event was awarded to Qixun Zhao, a Qihoo 360 researcher.  The winning hack? A stunning chain of exploits that allowed Zhao to take control of the newest and most up-to-date iPhones.

According to O’Neill: “From a starting point within the Safari web browser, he found a weakness in the core of the iPhones operating system, its kernel. The result? A remote attacker could take over any iPhone that visited a web page containing Qixun’s malicious code. It’s the kind of hack that can potentially be sold for millions of dollars on the open market to give criminals or governments the ability to spy on large numbers of people. Qixun named it ‘Chaos'”.


In August 2019, the Project Zero Team at Google published “A very deep dive into iOS Exploit chains found in the wild,” which itemized thousands of iPhone iOS attacks over a two-year period.  According to O’Neill over at the Tech Review:  “Google’s discovery included, over a period of years, five so-called “exploit chains” with 14 vulnerabilities including at least one active zero-day vulnerability, the term used to describe an exploitable bug undiscovered by a company like Apple. When one exploit chain was rendered useless by an Apple patch, the hacker quickly implemented the next one.” (1)

The Google Researchers also revealed that “there was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.”  The Project Zero Team did not offer any conjecture on or specific attribution of the attack, but conventional wisdom in the cybersecurity community was a nation-state level threat actor, as the price tag of such an attack seemed out of reach for an individual hacker or boutique shop.

“…the attacks were not indiscriminate…the hacking campaign targeted Uighurs…”

A quick tangent.  If we pull this “price tag” thread further:  Up until 2019 and dating back to 2016, the high cost of any iPhone zero-days exploit endeavor was captured in the story of the “The Million Dollar Dissident” and the use of NSO Group’s iPhone Zero-Days used against a United Arab Emirates human rights defender.  By July of 2021, we were doing an analysis of Project Pegasus, an expansive investigation by global news organizations of the NSO Group’s “zero-click” surveillance software.   By November of 2021, Apple was suing NSO Group over the Pegasus spyware.  Again, a tangent – but interesting, as the NSO Group has been seriously under fire for the last 6 to 8 months. Fact is, NSO Group software crops up everywhere over a much longer period of time than first reported in July of 2021.

Back to our main thread.

In September of 2019, Apple issued a statement in response to the initial Google research.  The primary revelation (or correction made) by Apple was that the attacks were not indiscriminate, but that “the hacking campaign targeted Uighurs, a Muslim minority in China, many of whom live in Xinjiang, a northwestern province where approximately a million people are being held in detention camps.” The Tech Review’s O’Neill had already been covering the targeting of the Uighurs in 2019, detailing “how Chinese officials put spyware apps on Uighurs’ phones, one of many surveillance techniques the government has used against Uighurs, Tibetans, and other dissidents.”

Apple stated:  “First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real-time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”

…the Tianfu hack and the Uyghur hack were one and the same…”

What is most important for our purposes here is that Apple’s 2019 statement did not offer a clear attribution of the Zero Day vulnerability.  O’Neill provided some final context on all he knew from his reporting in 2019:

  • Length of attack:  Apple asserted that the campaign lasted “roughly two months” and “not ‘two years’ as Google implies.” Apple says it fixed the problem shortly after it became aware of it. iPhone users who have updated their phones’ operating systems are protected.
  • Impact of attack: The overall thrust of Google’s report is not in question. The attack is one of the most serious, and successful, attacks ever perpetrated against iPhones. Not only is the number of people who were affected unclear, but so too is the impact on those individuals.  Amnesty International has detailed what it described as “an effort by the Chinese government to wipe out religious beliefs and aspects of cultural identity in order to enforce political loyalty for the State and the Communist Party of China.  Apple, which does a large amount of business in China, never names the country, or the Chinese government, in its statement. Google likewise avoided any such characterizations. (2)

O’Neill and the team over at the MIT Technology Review tied it all together in their May of 2021 article “How China turned a prize-winning iPhone hack against the Uyghurs“:

Shortly after Google’s researchers noted the attacks, media reports connected the dots: the targets of the campaign [using Zhaos’ Tianfu Cup-winning Chaos exploit] were the Uyghur people, and the hackers were linked to the Chinese government. Apple published a rare blog post that confirmed the attack had taken place over two months: that is, the period beginning immediately after Qixun won the Tianfu Cup and stretching until Apple issued the fix.

MIT Technology Review has learned that United States government surveillance independently spotted the Chaos exploit being used against Uyghurs, and informed Apple. (Both Apple and Google declined to comment on this story.)

The Americans concluded that the Chinese essentially followed the “strategic value” plan laid out by Qihoo’s Zhou Hongyi; that the Tianfu Cup had generated an important hack; and that the exploit had been quickly handed over to Chinese intelligence, which then used it to spy on Uyghurs.

The US collected the full details of the exploit used to hack the Uyghurs, and it matched Tianfu’s Chaos hack, MIT Technology Review has learned. (Google’s in-depth examination later noted how structurally similar the exploits are.) The US quietly informed Apple, which had already been tracking the attack on its own, and reached the same conclusion: the Tianfu hack and the Uyghur hack were one and the same. The company prioritized a difficult fix.


The saga continues, as Tianfu Cup participants continue to break the Apple iOS on a consistent basis and Chinese hackers continue to dominate the hacker competition terrain.  Some further headlines:

October 2019
Microsoft recognizes top-tier security researchers at Black Hat 2019 | The Daily Swig (
Microsoft names top security researchers, zero-day contributors | ZDNet

September 2021
Researcher dumps three iOS zero-days after Apple failed to fix issues for months
Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

October 2021
iPhone 13 Pro Hacked, Tianfu Cup, China Hackers, iOS 15 jailbreak
$1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest | SecurityWeek.Com

What Next?

In light of this baseline research and series of events, we have expanded our initial core research questions to include the following implications:

  1. Post pandemic, will international CTF competitions be welcoming to Chinese Teams?
  2. What is the risk assessment of IP vulnerability at these events?
  3. Will hybrid and virtual events mitigate this IP risk?
  4. Will the hacker community (and the annual events held by this community) suffer at the hands of the “Chinese Threat” narrative?
  5. Are there any OSINT signs of the USG coming down formally on Chinese hacking teams entering the U.S. for competition?
  6. Def Con 30 will be under new management in 2022. How can this new operation avoid some of the missteps and pitfalls of the Olympics movement when dealing with similar issues in a competitive environment?
  7. Foreign exchange programs have always been a positive diplomatic tool for the direct interaction of citizens of opposing countries.  CTF Tournaments are a long-standing version of such cultural exchanges.  How do we think about the loss of community and openness in the hacker community at CTF tournaments worldwide, including ongoing camaraderie with championship-winning teams like Katzebin and Tea Deliverers?

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage

This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for business and governments

From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now

A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking

OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast

Daniel Pereira

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.